Mid South Pulmonary & Sleep Specialists (MSPS)
November 17, 2025
•[ ransomware, data leak, data breach ]
Reporting on Anubis RaaS described a severe ransomware incident affecting Mid South Pulmonary & Sleep Specialists (MSPS) in Tennessee. The threat actor claimed initial access on Nov. 10, 2025, spent about a week conducting internal reconnaissance and data theft, then paralyzed the organizations network in a single night. The group claimed to have encrypted MSPSs Nutanix systems and used a wiper to delete backups, leaving MSPS unable to restore systems; the actor also claimed exfiltration of roughly 860 GB and leakage of hundreds of gigabytes containing administrative records, insurance billing files, and extensive PII/PHI. MSPS had not publicly confirmed details in the reporting, but the described impacts suggest prolonged disruption and exposure of sensitive medical data.
Central Ozarks Medical Center
November 10, 2025
•[ cyberattack, unauthorized access, data breach ]
Patients and individuals had their sensitive personal and health information exposed in a criminal cyberattack on Central Ozarks Medical Center. The breach involved unauthorized access to systems and resulted in the compromise of names, dates of birth, Social Security numbers, financial account details, medical treatment records, and health insurance information, according to investigation notices.
Doctor Alliance LLC
November 4, 2025
•[ ransomware, data leak, phi ]
Threat actor Kazu claimed theft of 353GB (?1.24M files) from Doctor Alliance LLC and demanded a $200,000 ransom; sample includes scanned patient PHI.
Vibra Hospital of Sacramento
August 30, 2025
•[ data leak, PHI ]
Attack on Vibra Hospital of Sacramentos network occurred between August 30 and September 5, 2025. The breach exposed protected health information, including medical and insurance details but no financial or Social Security data. No ransomware or encryption occurred, and no threat group has publicly claimed responsibility.
Saint Mary’s Home of Erie
August 26, 2025
•[ unauthorized access, PII, PHI ]
A forensic investigation found that an unauthorized party accessed the Saint Marys Home of Erie network between August 26 and 28, 2025. Files and folders containing resident PII and PHI may have been exposed. The incident was reported to HHS OCR for at least 501 individuals while review continues.
Visiting Nurse Association of Texas
July 17, 2025
•[ unauthorized access, email compromise, PII ]
Visiting Nurse Association of Texas identified suspicious network activity on July 17, 2025; an unauthorized actor accessed employee email accounts and potentially compromised personal and health-related data belonging to thousands of individuals, per notice and investigation.
Healthcare Interactive
July 8, 2025
•[ data leak, hacked, phi ]
Healthcare Interactive reported that hackers accessed its network between July 812, 2025 and exfiltrated files containing extensive PHI/PIIincluding names, DOBs, SSNs, contact details, insurance enrollment IDs, diagnoses, provider names, lab results, medical images, treatment plans, and possibly claims datawith the breach detected around July 22; the attack vector wasnt disclosed but regulators were notified.
The Children’s Center of Hamden
December 28, 2024
•[ data breach, data theft, unauthorized network activity ]
In late December 2024, The Childrens Center of Hamden detected unauthorized network activity later linked to the criminal group INC. The attack resulted in theft of sensitive patient and staff information including SSNs and medical records. No encryption reported. Public notice issued August 28 2025.
ARC Community Services
November 4, 2024
•[ unauthorized activity, data breach, protected health information ]
ARC Community Services disclosed it became aware of unauthorized activity in its network on November 4, 2024 and initiated incident response actions, including taking systems offline until operations could be safely restored. During the ensuing investigation and data review, ARC determined that files containing protected health information (PHI) were taken from its network. The potentially affected PHI varies by individual but may include contact information (name/address), date of birth, medical record number, health information, drivers license number, and financial account information.
Central Kentucky Radiology
October 16, 2024
•[ data leak, healthcare, PII ]
Unauthorized actor accessed CKRs network Oct 1618 2024 and copied files; ~167k people impacted; notifications issued mid-June 2025; data stolen from Lexington-based servers; no encryption or operational shutdown confirmed.
Maryhaven, Inc.
May 30, 2024
•[ data leak, healthcare, unauthorized access ]
Maryhaven, a behavioral health and addiction treatment provider in Ohio, detected unauthorized access to its systems on June 1 2024. An unknown actor accessed and exfiltrated patient and employee PHI/PII data (~7,000 records). No encryption or operational disruption occurred. Disclosure issued April 11 2025 through Cyberscout/TransUnion.
